package lk.config;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.stereotype.Service;

import javax.servlet.http.HttpServletRequest;
import java.util.Collection;

@Service("authorizeService")
public class AuthorizeService {

    public boolean check(Authentication authentication, HttpServletRequest request) {
        Object principal = authentication.getPrincipal();
        //判断是否是认证的用户
        if (principal != null) {
            //获取认证用户里的url列表
            Collection<? extends GrantedAuthority> authorities1 = authentication.getAuthorities();
            //判断url列表里是否包含request请求的url
            return authorities1.stream().map(GrantedAuthority::getAuthority).anyMatch(request.getRequestURI()::equals);
        }
        return false;
    }
}